package cn.mgm.base;

import java.sql.*;
import java.util.Scanner;

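/**
 * Console lookup of a user by name in the {@code sys_user} table.
 *
 * <p>The original version built the SQL text by concatenating the console input
 * into the statement, so an input such as {@code aaa' or '1'='1} changed the
 * query's WHERE clause and returned every row. This version binds the input as
 * a {@link PreparedStatement} parameter, so it is always treated as a literal
 * value and never as SQL syntax.
 */
public class JDBCInjection {

    // NOTE(review): the JDBC URL, account and password are hard-coded in source.
    // Anything committed like this should be treated as exposed: rotate the
    // password and load connection settings from configuration or a secret
    // store instead of the source tree.
    // NOTE(review): useSSL=false sends credentials and query results unencrypted,
    // and the connection uses the root account; prefer TLS and a read-only,
    // least-privilege database user for a lookup like this.
    private static final String JDBC_URL =
            "jdbc:mysql://139.224.197.217:3336/guigu-auth?useSSL=false";
    private static final String DB_USER = "root";
    private static final String DB_PASSWORD = "kaa3akv8";

    // Single bind parameter for the user name. Only the column that is printed
    // is selected, so no other sys_user columns leave the database.
    private static final String FIND_BY_USERNAME =
            "SELECT username FROM sys_user WHERE username = ?";

    /**
     * Reads a user name from standard input and prints every matching
     * {@code username} value, one per line.
     *
     * @param args unused
     * @throws SQLException if the connection or the query fails
     */
    public static void main(String[] args) throws SQLException {
        // Read the user name from the console; this value is untrusted input.
        System.out.println("请输入用户名:");

        Scanner scanner = new Scanner(System.in);
        String name = scanner.nextLine();

        // try-with-resources closes the statement and the connection even when
        // the query throws; the original never closed either of them.
        try (Connection connection = DriverManager.getConnection(JDBC_URL, DB_USER, DB_PASSWORD);
             PreparedStatement statement = connection.prepareStatement(FIND_BY_USERNAME)) {

            // Bind rather than concatenate: quotes in the input stay data.
            statement.setString(1, name);

            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    String username = resultSet.getString("username");
                    System.out.println(username);
                }
            }
        }
    }
}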
